Photo Credit: castillerozaldívar via Compfight ccUsing an analogy of a Castle to describe the concept of a secure network or organisation isn’t uncommon. I’m not claiming that the analogy is new, or that it was my original idea. It is still a very useful one for a number of concepts and that is why I wanted to introduce it here.
Castles are, fundamentally, fortified buildings designed to protect key assets and offer security to the people living inside their walls. As in any security project, we need to start with understanding our assets, prioritising their importance and determine what protections are most appropriate to keep them safe. Once we have a basic understanding of what we’re protecting, we can start to build the castle in which to protect them.
Any castle needs walls (deny firewall rules) and a drawbridge (permit firewall rules). A large wall around the living areas of the Castle provide a defined perimeter to the premises. Those people who are outside the castle are unable to see what is going on inside, and the firewall will also provide a first line of defence in the event of an attack.
We need a lookout to ensure that the only people allowed to get inside the castle walls are people with a reason and approval to be there (stateful packet inspection), and we need a moat (a DMZ). Guards on the castle walls look out over the surrounding area, watching for any approaching armies (IDS), and are armed to deploy if any attempt was made to penetrate the castle’s defences (IPS). A Castle with manned walls of soldiers on lookout provides an early warning system for approaching armies, aka intrusion detection. If they are also armed, and can disable any invading armies, then they’re offering a form of intrusion prevention system. We may have smaller deployments inside the castle to protect the vault, and to log movement within the castle walls.
As well as good defences, Castles need to be able to go about their day to day business; trading, maintaining facilities and providing shelter to their staff. They need a way of allowing services; goods and food, into their walls, as well as ways to stop soldiers from raiding the kitchens and angry kitchen staff from stealing knives and swords.
Authorised deliveries are granted by permission through the Castle gates once the suppliers’ identity has been verified (logical access control). There are further authorisation points inside the castle, so soldiers will be banned from the kitchens and cooks from the weapons store. Once inside the castle, food (protocol) deliveries are permitted access to the kitchens via a specific entrance (port) while ammunitions (protocol) are granted access to weapon stores (port).
Castles as an analogy for security isn’t new, and because of that they’re often dismissed as irrelevant and outdated. They’re not, they just require a little bit of imagination.
To be continued…